All things remote or all solutions remote

Hi experts,

Sorry in advance for the long question. In many ways, it makes the answer that much shorter as I could be close to being correct on some. Or even a great resource as long as my VPN and desktop question is addressed.

I am still trying to grasp completely the advantages of different remote connections. I basically use RDP and RWW. But, I know of a lot of the other modalities out there, and I don't always know which is best and why. A great deal of this stems from the message boards I frequent for my Amazing Charts electronic medical record. I am the admin there and tend to answer most of the actual EMR questions as well as many computer and networking questions, but I get a bit bogged down when the R topic comes up. R being remote. Many of the users on the AC board tend to ask very wide open and nebulous questions such as "I am setting up a network. What computers, OSs, server and how should I network it? And, should I do peer-to-peer or client/server?" I am sure you don't get questions like that on here, lol. My other favorite question is the one where a doctor says, "We have two offices and would like to connect the one network to the other. Should I use LogMeIn or GoToMyPC?" While I know those wouldn't be very viable solutions, I am not always sure whether VPN or something else would work. By the way, I tend to tell them if you have to ask, then you need to hire someone.

But many of the questions are simply how do I log in from home. So, I am going to list the various ones I am familiar with and try to explain what I know and then ask you to correct me. I am hoping that I can one day actually understand all of the subtle nuances of these connections.

-Remote Web Workplace: My understanding is that RWW, which is actually RDP/RWW, is extremely secure, even more so than VPN since traffic can't come back to the source computer and nothing is left on the remote computer. Also, port 4125 is not opened until your credentials and your being an RWW member is verified. Not to mention the other options it gives you.
-RDP: a protocol first available on Windows XP that uses port 3389 to connect to the server using terminal services. I am not sure if it needs terminal services anymore. It is encrypted, but I do not think it is as secure overall as RWW.
-I have SBS Connection Manager on my PC, which connects to my server but nothing useful happens. Does RDP run through it like a VPN for better security?
-LogMeIn and GoToMyPC: I have used these in the past, and I believe they would best be described as 3rd party programs which set up an SSL connection between your client computer and the host computer.
-UltraVNC and RealVNC, etc.: Virtual Network Computing. Other than I believe the host computer uses TCP/IP, I have no idea.

All of these solutions control the host/remote computers and can see their computer screen and run programs, etc. Even though your Internet connection may only be 2MBs, you aren't really sending data back and forth so the only limitation would be sending the controlling data?

Now, every time a user on the AC message board talks about remote access, the acronym VPN gets thrown around. I certainly understand that Virtual Private Networks are basically set up by tunneling through existing Internet cables to set up a secure connection. This connection is generally set up between two routers which are VPN capable. However, there are other ways to set this up such as computer to server, etc. which have their disadvantages. Now, where I get confused with VPN is doesn't it just connect two computers or networks together so that you are basically connected to or part of the other network? You can access files as if you are there. I just don't understand how you can interact with the computer at the desktop level. Do you need 3rd party software such as Citrix or whatever?

I know this is kind of a big question. In general, when a user asks how to remote in from home, if they can't use RDP and don't have SBS, I just recommend LogMeIn Free. For continual connection between offices, I suppose VPN would be the way to go.

I'm no VPN whiz, though as I understand it there are basically three types:

-Site-to-site, which establishes "permanent" connections between two separate networks (separate data carrier, domain, network scheme, etc).
-Client VPN in which you'd connect and authenticate via an installed client, such as Cisco's VPN client or through XP/Vista.
-SSL VPN which allows users to connect over SSL via a web browser.

You can technically establish a connection with a client or site-to-site VPN and gain access to a desktop or server via RDP, SSH, etc. You don't necessarily need a product such as Citrix. There are times when I'll connect from home with my Cisco VPN client after which time I can just RDP to any one of my servers. Other times I'll connect to my Citrix XenDesktop environment so I can work through a full XP desktop (Word, Outlook, etc).

1. You can set up ISA in SBS to accept VPN connections. Then from a remote computer, such as your home, you can set up XP/Vista to connect to that VPN connection. Depending upon how you set up ISA you could conceivably have access to your entire network, which could be good or bad.

2. Bandwidth does come into play. I'm not sure of the bandwidth demands of GoToMyPC. We use ICA (Citrix), which is extremely bandwidth friendly. These remote viewing protocols, such as ICA, are essentially just showing you screenshots of what is happening on the server as well as transporting keyboard and mouse clicks. Heavy multimedia and/or audio will increase the bandwidth demands.

3. Terminal Services is a service that allows users to connect to a hosted desktop or application. Terminal Services DOES use RDP. Citrix is very much like terminal services, though more robust and Citrix's ICA protocol is generally considered more robust and faster than RDP.

A VPN just establishes secure communications between two disparate networks. We have a handful of site-to-site VPNs running from our datacenter to various vendors, support providers and offices for which we provide support. Some of these VPNs are locked down meaning they only facilitate communication between one particular server on our end to the remote location. Others are rather wide open meaning nearly everything on both networks is visible to each other.

We are also a big Citrix shop. We run XenApp, XenDesktop, Access Gateways, Secure Gateway (retiring), web interface and XenServer. Citrix is a virtualization vendor. Their products specialize in virtualizing applications, desktops and servers.

So let me see if I can tie this together properly: you can connect from remote locations to a Citrix infrastructure. We have 15 locations throughout our state from which users work. We also outsource some work to a company in India. We also have people who work from home. All of these users connect to Citrix remotely and they do so through an SSL VPN connection. So by using this SSL VPN our users do gain access to virtual desktops and/or applications. They can run a full XP desktop or just a single application, such as our EMR product if they choose.
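The difference between a locked-down and a wide-open site-to-site VPN, described in the answer above, shown as an added example that is not part of the original thread. The addresses, rule format and `MAX_HOSTS` threshold are constructed assumptions; port 3389 is the RDP port mentioned in the question.

```python
import ipaddress

# Constructed tunnel policies (hypothetical addresses, not from the thread).
# Each rule: (remote source network, local destination network, TCP port or None = any)
LOCKED_DOWN = [("192.0.2.0/24", "10.0.0.15/32", 3389)]   # one server, RDP only
WIDE_OPEN = [("192.0.2.0/24", "10.0.0.0/24", None)]      # whole LAN, every port

MAX_HOSTS = 4   # assumed threshold: more destination addresses than this is "broad"


def audit(rules):
    """Return one finding per rule describing how much of the LAN it exposes."""
    findings = []
    for src, dst, port in rules:
        dst_net = ipaddress.ip_network(dst)
        issues = []
        if dst_net.num_addresses > MAX_HOSTS:
            issues.append(f"{dst_net.num_addresses} destination addresses")
        if port is None:
            issues.append("all ports")
        findings.append({"rule": (src, dst, port), "issues": issues})
    return findings


def permits(rules, src_ip, dst_ip, port):
    """True if any rule lets src_ip reach dst_ip on the given TCP port."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(
        s in ipaddress.ip_network(r_src)
        and d in ipaddress.ip_network(r_dst)
        and r_port in (None, port)
        for r_src, r_dst, r_port in rules
    )


if __name__ == "__main__":
    for name, rules in (("locked down", LOCKED_DOWN), ("wide open", WIDE_OPEN)):
        for f in audit(rules):
            print(name, f["rule"], "->", f["issues"] or "scoped to one service")
        # Can a remote-site host reach file sharing (TCP 445) on another LAN machine?
        print("  SMB to 10.0.0.20 allowed:",
              permits(rules, "192.0.2.7", "10.0.0.20", 445))
```

With the locked-down policy a host at the remote site reaches only the one server over RDP; with the wide-open policy the same host can also reach file sharing on every other machine, which is the "good or bad" trade-off the answer mentions for VPN access to the entire network.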

Thanks so much for the quick response. Are you referring to Centricity? And, is Logician now Centricity?

I definitely think we, well I, are getting somewhere. Our hospital uses Citrix as well as Logician. I connected to our hospital via an EasyVPN from my PIX-501 using Citrix mainly to see x-rays and PowerChart, a CPOE system and information database.

I think, and you will probably agree, that the term VPN, at least with people with less experience like myself, gets thrown around a lot. With our message board where I am the admin as well, I am probably in the top 5 to 10% of computerese. When users ask the question about remote access from home, I basically just watch the answers as LogMeIn and RDP, etc. are thrown about appropriately. In fact, I had one guy who I answer questions for ALL THE TIME who spent days talking about a VPN so he could log into a computer at night and check a patient or so on the EMR. I mentioned LogMeIn about 1,000 times. I finally told him if he didn't try LogMeIn and mentioned VPN one more time, I wasn't going to talk to him. So, he ended up trying it and now that is all he uses.

Now, I do use RWW and RDP mainly. But, as I come out of digression here, many on the boards when talking about remote access, act like VPN is the only way to go when, in fact, for simple remote connectivity it is a bit of overkill and probably a little too technical for them.

But, with situations like you describe, I suppose VPN IS the way to go. I may be wrong here, but has it essentially made frame relay and dedicated T1 access obsolete?

But, you can't just have a VPN and be able to control the computer desktop or an app? You need something like Citrix, correct? So, that brings up a few quick questions to round out my knowledge:

1. I have SBS and am able to set up the SBS connection thing, which I believe is this very small VPN. It does nothing for me, but I think I can connect to my server and then use RDP so that it is more secure. Is that the case?

2. Are there certain instances where bandwidth comes into play? Like with most of the solutions in the question, RDP or GoToMyPC, you are not having to wait on information going back and forth. I am not sure of an example of something like that.

3. What is terminal services? I sometimes read where RDP works with terminal services and sometimes without. Would Citrix in a way be like terminal services?